Most of us would like to believe we’re smart enough not to open an email attachment that’s advertised as a nude photo. But enough people will still bite when this ancient social engineering trick hits their inboxes, so the bad guys keep ’em coming.

This morning, my friend Graham Cluley at Sophos is warning of a new nudie trick. In the Sophos Naked Security blog, Cluley writes of a malware-laced file advertised as nude photos of girlfriends and the like. He says, “Computer users are being warned to be wary of email messages which suggest they contain nude photographs of girlfriends, or claim that they have been reported to the police, as the attached file (Photo.zip) really contains a Trojan horse.”

He says the bad guys are using the following subject lines in these emails:

These pictures should be taken down immediately.
You can’t say I haven’t warned you now enjoy the consequences.
The police investigation is under way now.
You’ll be really sorry about what you have done.
The criminal investigation agains you has started.
Grave privacy violation is a serious thing.

Here’s another example:

Subject: Lets put this behind us once and for all I know you broke into my email.
Message body: Hate to bother you I have a proof that you broke into my email and stole my private photos and financial information. It can be clearly seen in the files attached to this message. If you don’t respond within 48 hours I will have to report you.

And another:

Subject: How can you be so cruel to me? I’ll have to react and destroy you.
Message body: Hate to bother you This is quite crazy but someone sent me a nude picture of your girlfriend. Is seems to be her in attachent right? We’ll have to track down the bastard who do it I can help you!

“You can just imagine how some folks would react if they received one of these emails,” Cluley writes. “Many would probably open the attachment – either out of curiosity or concern – and could end up having their Windows computer infected as a result.
Please remember to always be suspicious of unsolicited emails, and keep your security software updated.” As someone who recently fell for such a scheme — in my case it was a tweet about someone saying bad things about me online — I would advise you to heed Cluley’s words.